| Field | Value |
| --- | --- |
| Name | modelaudit |
| Version | 0.2.4 |
| Summary | Static scanning library for detecting malicious code, backdoors, and other security risks in ML model files |
| upload_time | 2025-08-28 10:11:31 |
| requires_python | >=3.9 |
| license | MIT |
| keywords | ai, ml, model-scanning, pickle, pytorch, security, tensorflow |
| requirements | none recorded |
# ModelAudit
**Secure your AI models before deployment.** Detects malicious code, backdoors, and security vulnerabilities in ML model files.
<img width="989" alt="image" src="https://www.promptfoo.dev/img/docs/modelaudit/modelaudit-result.png" />
📖 **[Full Documentation](https://www.promptfoo.dev/docs/model-audit/)** | 🎯 **[Usage Examples](https://www.promptfoo.dev/docs/model-audit/usage/)** | 🔍 **[Supported Formats](https://www.promptfoo.dev/docs/model-audit/scanners/)**
## 🚀 Quick Start
**Install and scan in 30 seconds:**
```bash
# Install ModelAudit with all ML framework support
pip install modelaudit[all]
# Scan a model file
modelaudit model.pkl
# Scan a directory
modelaudit ./models/
# Export results for CI/CD
modelaudit model.pkl --format json --output results.json
```
**Example output:**
```bash
$ modelaudit suspicious_model.pkl

✓ Scanning suspicious_model.pkl
Files scanned: 1 | Issues found: 2 critical, 1 warning

1. suspicious_model.pkl (pos 28): [CRITICAL] Malicious code execution attempt
   Why: Contains os.system() call that could run arbitrary commands

2. suspicious_model.pkl (pos 52): [WARNING] Dangerous pickle deserialization
   Why: Could execute code when the model loads

✗ Security issues found - DO NOT deploy this model
```
## 🛡️ What Problems It Solves
### **Prevents Code Execution Attacks**
Stops malicious models that run arbitrary commands when loaded (common in PyTorch .pt files)
### **Detects Model Backdoors**
Identifies trojaned models with hidden functionality or suspicious weight patterns
### **Ensures Supply Chain Security**
Validates model integrity and prevents tampering in your ML pipeline
### **Enforces License Compliance**
Checks for license violations that could expose your company to legal risk
### **Finds Embedded Secrets**
Detects API keys, tokens, and other credentials hidden in model weights or metadata
### **Flags Network Communication**
Identifies URLs, IPs, and socket usage that could enable data exfiltration or C2 channels
### **Detects Hidden JIT/Script Execution**
Scans TorchScript, ONNX, and other JIT-compiled code for dangerous operations
## 📊 Supported Model Formats
ModelAudit scans **all major ML model formats** with specialized security analysis for each:
| Format | Extensions | Risk Level | Notes |
| --------------- | ------------------------------------- | ---------- | -------------------------------------------- |
| **PyTorch** | `.pt`, `.pth`, `.ckpt`, `.bin` | 🔴 HIGH | Contains pickle serialization - always scan |
| **Pickle** | `.pkl`, `.pickle`, `.dill` | 🔴 HIGH | Avoid in production - convert to SafeTensors |
| **Joblib** | `.joblib` | 🔴 HIGH | Can contain pickled objects |
| **SafeTensors** | `.safetensors` | 🟢 SAFE | Preferred secure format |
| **GGUF/GGML** | `.gguf`, `.ggml` | 🟢 SAFE | LLM standard, binary format |
| **ONNX** | `.onnx` | 🟢 SAFE | Industry standard, good interoperability |
| **TensorFlow** | `.pb`, SavedModel | 🟠 MEDIUM | Scan for dangerous operations |
| **Keras** | `.h5`, `.keras`, `.hdf5` | 🟠 MEDIUM | Check for executable layers |
| **JAX/Flax** | `.msgpack`, `.flax`, `.orbax`, `.jax` | 🟡 LOW | Validate transforms |
Plus 10+ additional formats including ExecuTorch, TensorFlow Lite, Core ML, and more.
[View complete format documentation →](https://www.promptfoo.dev/docs/model-audit/scanners/)
## 🎯 Common Use Cases
### **Pre-Deployment Security Checks**
```bash
modelaudit production_model.safetensors --format json --output security_report.json
```
### **CI/CD Pipeline Integration**
ModelAudit automatically detects CI environments and adjusts output accordingly:
```bash
# Recommended: Use JSON format for machine-readable output
modelaudit models/ --format json --output results.json
# Text output automatically adapts to CI (no spinners, plain text)
modelaudit models/ --timeout 300
# Disable colors explicitly with NO_COLOR environment variable
NO_COLOR=1 modelaudit models/
```
**CI-Friendly Features:**
- 🚫 Spinners automatically disabled when output is piped or in CI
- 🎨 Colors disabled when `NO_COLOR` environment variable is set
- 📊 JSON output recommended for parsing in CI pipelines
- 🔍 Exit codes: 0 (clean), 1 (issues found), 2 (errors)
### **Third-Party Model Validation**
```bash
# Scan models from HuggingFace, PyTorch Hub, MLflow, JFrog, or cloud storage
modelaudit https://huggingface.co/gpt2
modelaudit https://pytorch.org/hub/pytorch_vision_resnet/
modelaudit models:/MyModel/Production
modelaudit model.dvc
modelaudit s3://my-bucket/downloaded-model.pt
modelaudit https://company.jfrog.io/artifactory/repo/model.pt \
--jfrog-api-token YOUR_TOKEN
```
### **Compliance & Audit Reporting**
```bash
modelaudit model_package.zip --sbom compliance_report.json --strict-license --verbose
```
[View advanced usage examples →](https://www.promptfoo.dev/docs/model-audit/usage/)
### ⚙️ Advanced CLI Options
ModelAudit provides additional flags for specialized workflows:
- `--strict-license` – fail when incompatible or deprecated licenses are detected
- `--max-file-size BYTES` / `--max-total-size BYTES` – limit scanning of very large files
- `--max-download-size SIZE` – cap remote downloads (e.g., `500 MB`, `2 GB`)
- `--preview` – show size and metadata before downloading remote models
- `--cache/--no-cache` and `--cache-dir PATH` – control caching of cloud downloads
- `--no-skip-files` and `--selective/--all-files` – control which files are scanned in directories
- `--registry-uri URI` – scan models in an MLflow registry
- `--jfrog-api-token` / `--jfrog-access-token` – authenticate with JFrog Artifactory
### 🚀 Large Model Support (Up to 1 TB)
ModelAudit automatically optimizes scanning strategies for different model sizes:
- **< 100 GB**: Full in-memory analysis for comprehensive scanning
- **100 GB - 1 TB**: Chunked processing with 50 GB chunks for memory efficiency
- **1 TB - 5 TB**: Streaming analysis with intelligent sampling
- **> 5 TB**: Advanced distributed scanning techniques
Large models are supported with automatic timeout increases and memory-optimized processing.
### Static Scanning vs. Promptfoo Redteaming
ModelAudit performs **static** analysis only. It examines model files for risky patterns
without ever loading or executing them. Promptfoo's redteaming module is
**dynamic**: it loads the model (locally or via API) and sends crafted prompts to
probe runtime behavior. Use ModelAudit first to verify the model file itself,
then run redteaming if you need to test how the model responds when invoked.
## ⚙️ Installation Options
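To make concrete what "static" means here, the following is an added example and not modelaudit's own code: a toy scanner that walks a pickle's opcode stream with `pickletools.genops`, reports findings in the same shape as the JSON output, and never unpickles anything. The denylist, the `scan_pickle` function and the sample pickles are constructed for this illustration.

```python
import json
import pickle
import pickletools
from collections import OrderedDict

# Constructed denylist for this illustration; a production rule set is far larger.
DANGEROUS_GLOBALS = {
    ("os", "system"), ("os", "popen"), ("posix", "system"),
    ("subprocess", "Popen"), ("subprocess", "run"), ("subprocess", "check_output"),
    ("builtins", "eval"), ("builtins", "exec"), ("builtins", "__import__"),
}
# Opcodes that push a string constant; STACK_GLOBAL consumes the last two of them.
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
# Opcodes that call whatever callable the preceding GLOBAL resolved to.
CALL_OPS = {"REDUCE", "NEWOBJ", "NEWOBJ_EX", "OBJ"}


def scan_pickle(path: str, data: bytes) -> dict:
    """Statically scan one pickle stream and report in modelaudit's JSON shape.

    pickletools.genops() only decodes opcodes; nothing is imported or called,
    which is what makes this safe to run on an untrusted model file.
    """
    issues = []
    strings = []          # string constants seen so far, in stream order
    last_global = None    # (module, name) most recently pushed by GLOBAL/STACK_GLOBAL
    try:
        ops = list(pickletools.genops(data))
    except ValueError as exc:  # truncated stream or not a pickle at all
        return {"files_scanned": 1, "scan_error": str(exc), "issues": issues}

    for op, arg, pos in ops:
        if op.name in STRING_OPS:
            strings.append(arg)
            continue
        if op.name == "GLOBAL":            # arg is "module name" as one string
            module, name = arg.split(" ", 1)
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            module, name = strings[-2], strings[-1]
        elif op.name in CALL_OPS and last_global is not None:
            # Legitimate classes use REDUCE too, so this alone is only a warning.
            issues.append({
                "message": "Dangerous pickle deserialization",
                "severity": "warning",
                "location": f"{path} (pos {pos})",
                "detail": f"{last_global[0]}.{last_global[1]} is called when the model loads",
            })
            continue
        else:
            continue
        last_global = (module, name)
        if last_global in DANGEROUS_GLOBALS:
            issues.append({
                "message": "Malicious code execution attempt",
                "severity": "critical",
                "location": f"{path} (pos {pos})",
                "detail": f"references {module}.{name}, which can run arbitrary commands",
            })
    return {"files_scanned": 1, "issues": issues}


# Constructed samples: a plain dict of weights; a stdlib object whose pickle
# legitimately uses REDUCE; and a hand-assembled stream (PROTO 2, GLOBAL
# "os system", STOP) that only references os.system without calling it.
CLEAN = pickle.dumps({"layer1.weight": [0.1, 0.2], "layer1.bias": [0.0]}, protocol=4)
BENIGN_REDUCE = pickle.dumps(OrderedDict(lr=0.01), protocol=4)
SUSPICIOUS = b"\x80\x02cos\nsystem\n."

if __name__ == "__main__":
    for name, blob in [("clean.pkl", CLEAN), ("config.pkl", BENIGN_REDUCE),
                       ("suspicious_model.pkl", SUSPICIOUS)]:
        print(json.dumps(scan_pickle(name, blob), indent=2))
```

The reported `pos` values are byte offsets into the stream, which is the same notion of location the tool's `(pos 28)` output uses.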
**Basic installation (recommended for most users):**
### Quick Install Decision Guide
**🚀 Just want everything to work?**
```bash
pip install modelaudit[all]
```
**💡 Know what formats you need?**
```bash
# Basic installation (pickle, joblib, numpy, zip/tar archives)
pip install modelaudit
# Add only what you need
pip install modelaudit[tensorflow] # TensorFlow SavedModel (.pb)
pip install modelaudit[pytorch] # PyTorch models (.pt, .pth)
pip install modelaudit[h5] # Keras/H5 models (.h5, .keras)
pip install modelaudit[onnx] # ONNX models (.onnx)
pip install modelaudit[safetensors] # SafeTensors (.safetensors)
# Multiple formats
pip install modelaudit[tensorflow,pytorch,h5]
```
**☁️ Need cloud storage support?**
```bash
pip install modelaudit[cloud] # S3, GCS, and Azure support
```
**⚠️ Having NumPy compatibility issues?**
```bash
# Some ML frameworks require NumPy < 2.0
pip install modelaudit[numpy1]
# Check what's working
modelaudit doctor --show-failed
```
**Docker installation:**
```bash
docker pull ghcr.io/promptfoo/modelaudit:latest
docker run --rm -v $(pwd):/data ghcr.io/promptfoo/modelaudit:latest model.pkl
```
### 📦 Dependency Reference
<details>
<summary><b>View all available extras and what they include</b></summary>
**Core ML Frameworks:**
| Extra | Includes | Use When |
| --------------- | ----------- | --------------------------------------- |
| `[h5]` | h5py | Scanning `.h5`, `.keras`, `.hdf5` files |
| `[onnx]` | onnx | Scanning `.onnx` model files |
| `[pytorch]` | torch | Scanning `.pt`, `.pth`, `.ckpt` files |
| `[safetensors]` | safetensors | Scanning `.safetensors` files |
| `[tensorflow]` | tensorflow | Scanning `.pb` SavedModel files |
**Specialized Tools:**
| Extra | Includes | Use When |
| ------------ | ----------- | ---------------------------------------- |
| `[coreml]` | coremltools | Scanning `.mlmodel` Core ML files |
| `[flax]` | msgpack | Scanning `.msgpack`, `.flax` JAX files |
| `[tensorrt]` | tensorrt | Scanning TensorRT engine files |
| `[tflite]` | tflite | Scanning `.tflite` TensorFlow Lite files |
| `[yaml]` | pyyaml | Scanning YAML configuration files |
**Data & Storage:**
| Extra | Includes | Use When |
| ---------- | -------------------- | -------------------------------------- |
| `[cloud]` | fsspec, s3fs, gcsfs | Scanning from S3, GCS, Azure storage |
| `[dill]` | dill | Scanning `.dill` serialized files |
| `[joblib]` | joblib, scikit-learn | Scanning `.joblib` scikit-learn models |
**Integration:**
| Extra | Includes | Use When |
| --------------- | -------------------------- | ------------------------------------- |
| `[huggingface]` | huggingface-hub (optional) | Explicit HuggingFace model downloads¹ |
| `[mlflow]` | mlflow | Scanning MLflow model registry |
**Meta-packages:**
| Extra | Includes | Use When |
| ---------- | ---------------------------- | --------------------------------------- |
| `[all-ci]` | All frameworks (no platform) | CI/CD environments |
| `[all]` | All frameworks + tools | Maximum compatibility |
| `[numpy1]` | All frameworks + NumPy<2.0 | Resolving NumPy compatibility conflicts |
¹ _Note: `huggingface-hub` is included in base installation; this extra is optional for explicit dependency management._
</details>
## 📋 Output Formats
**Human-readable output (default):**
```bash
$ modelaudit model.pkl

✓ Scanning model.pkl
Files scanned: 1 | Issues found: 1 critical

1. model.pkl (pos 28): [CRITICAL] Malicious code execution attempt
   Why: Contains os.system() call that could run arbitrary commands
```
**JSON output for automation:**
```json
{
  "files_scanned": 1,
  "issues": [
    {
      "message": "Malicious code execution attempt",
      "severity": "critical",
      "location": "model.pkl (pos 28)"
    }
  ]
}
```
## 🔧 Getting Help
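As an added example, not part of modelaudit, here is a CI gate that combines the documented exit codes (0 clean, 1 issues, 2 errors) with this JSON shape, so that a scanner error or an unreadable report blocks deployment instead of passing silently. The `gate` and `scan_and_gate` functions, the severity ranking and the sample report are constructed for the illustration; the `modelaudit` invocation uses only the flags shown in this README.

```python
import json
import os
import subprocess
from typing import Tuple

# Exit codes documented in the README's CI section.
EXIT_CLEAN, EXIT_ISSUES, EXIT_ERROR = 0, 1, 2
# Constructed ranking; "critical" and "warning" are the severities the README shows.
SEVERITY_RANK = {"info": 0, "warning": 1, "critical": 2}


def gate(exit_code: int, report_json: str,
         fail_on: str = "critical", max_warnings: int = 0) -> Tuple[bool, str]:
    """Return (allow_deploy, reason) for one scan.

    Fails closed: a scanner error, an unreadable report, or a disagreement
    between the exit code and the report contents all block the deployment.
    """
    if exit_code == EXIT_ERROR:
        return False, "scanner reported an error (exit 2); not treated as clean"
    if exit_code not in (EXIT_CLEAN, EXIT_ISSUES):
        return False, f"unexpected exit code {exit_code}"
    try:
        report = json.loads(report_json)
    except json.JSONDecodeError as exc:
        return False, f"report is not valid JSON: {exc}"
    if not isinstance(report, dict):
        return False, "report is not a JSON object"
    issues = report.get("issues", [])
    if exit_code == EXIT_ISSUES and not issues:
        return False, "exit code says issues were found but the report lists none"
    if report.get("files_scanned", 0) == 0:
        return False, "no files were scanned (wrong path or unsupported format?)"

    threshold = SEVERITY_RANK.get(fail_on, SEVERITY_RANK["critical"])
    # Unknown severities rank highest so a schema change cannot silently pass.
    blocking = [i for i in issues
                if SEVERITY_RANK.get(str(i.get("severity", "")).lower(), 99) >= threshold]
    if blocking:
        first = blocking[0]
        return False, (f"{len(blocking)} blocking issue(s); first: "
                       f"{first.get('location', '?')}: {first.get('message', '?')}")
    warnings = sum(1 for i in issues if str(i.get("severity", "")).lower() == "warning")
    if warnings > max_warnings:
        return False, f"{warnings} warning(s) exceed the allowed {max_warnings}"
    return True, f"{report['files_scanned']} file(s) scanned, {len(issues)} non-blocking issue(s)"


def scan_and_gate(target: str, output: str = "results.json") -> Tuple[bool, str]:
    """Run the CLI as the README shows, then apply gate() to exit code plus report."""
    env = {**os.environ, "NO_COLOR": "1"}
    proc = subprocess.run(["modelaudit", target, "--format", "json", "--output", output], env=env)
    if proc.returncode == EXIT_ERROR or not os.path.exists(output):
        return gate(EXIT_ERROR, "")
    with open(output, encoding="utf-8") as fh:
        return gate(proc.returncode, fh.read())


# Constructed report mirroring the README's JSON output example.
SAMPLE_REPORT = json.dumps({
    "files_scanned": 1,
    "issues": [{"message": "Malicious code execution attempt",
                "severity": "critical", "location": "model.pkl (pos 28)"}],
})

if __name__ == "__main__":
    ok, reason = gate(EXIT_ISSUES, SAMPLE_REPORT)
    print("ALLOW" if ok else "BLOCK", reason)
```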
- **Documentation**: [promptfoo.dev/docs/model-audit/](https://www.promptfoo.dev/docs/model-audit/)
- **Troubleshooting**: [promptfoo.dev/docs/model-audit/troubleshooting/](https://www.promptfoo.dev/docs/model-audit/troubleshooting/)
- **Issues**: [github.com/promptfoo/modelaudit/issues](https://github.com/promptfoo/modelaudit/issues)
### 🔍 Troubleshooting Common Issues
**Scanner not working?**
```bash
# Check which scanners are available
modelaudit doctor --show-failed
```
**NumPy compatibility errors?**
```bash
# Option 1: Use the numpy1 compatibility mode
pip install modelaudit[numpy1]
# Option 2: Manually downgrade NumPy
pip install "numpy<2.0" --force-reinstall
pip install --force-reinstall tensorflow torch h5py # Reinstall ML frameworks
```
**Missing scanner for your format?**
```bash
# ModelAudit will tell you exactly what to install
modelaudit your-model.onnx
# Output: "onnx not installed, cannot scan ONNX files. Install with 'pip install modelaudit[onnx]'"
```
## 📝 License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.